On 01/05/2019 22:29, mono.r...@gmail.com wrote:
2017 assessment report
LSTI didn't issue to Certinomis any "audit attestation" for the browsers in 2017. The
document Wayne references is a "Conformity Assessment Report" for the eIDAS regulation.
I had a look at the 2017 report, and unless I misread, it implies conformity to ETSI
EN 319 401 (Est vérifiée également la conformité aux normes: EN 319 401), whereas EN
319 401 states, "The present document is aiming to meet the general
requirements to provide trust and confidence in electronic
transactions including, amongst others, applicable requirements from Regulation (EU)
No 910/2014 [i.2] and those from CA/Browser Forum [i.4].", so I'm not sure how
that squares with saying it wasn't an audit taking CA/BF regulations into account?
But does EN 319 401, as it existed in 2016/2017 incorporate a clause to
apply all "future" updates to the CAB/F regulations or otherwise cover
all BRs applicable to the 2016/2017 timespan?
Because otherwise EN 319 401 compliance only implied compliance with
the subset of the BRs directly included in EN 319 401 or documents
incorporated by reference into EN 319 401 (the above quote is a
statement of intent to include the BR requirements that existed when
EN 319 401 was written).
That said, Mozilla policy at the time may have explicitly stated that an
EN 319 401 audit is/was sufficient for Mozilla inclusion purposes.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy